wastingtimewithforums said:
ManipUni said:
*snip*

Well, it makes it *much* easier. That's the problem.

If a toned down UAC is what it takes to make people accept to upgrade and to run with some sort of UAC, this will defintely benefit security on average as you will agree that Windows 7 with a limited UAC is still much better than either XP or Vista with UAC turned off.

Unfortunately, these are quite common as far as I can see... I know my customer base does not qualify as a valid statistic, but what I could see is worrying. When asked, the customers usually justify their choices (and the fact that they are using administrative accounts in the first place) with some legacy or homegrown software they cannot afford to update. Others simply say that the UAC is too annoying, either because they didn't try it long enough, or because they heard enough hearsay to this effect.

In brief, you cannot shove security (or any other brilliant design) down the throat of your customers if this impacts significantly their perceived usability. They will simply react by not buying your software or requiring a way to keep working like they were used to. This is a hard lesson to learn, and it's sad that a large number of developers still don't get it.